
Advanced computer networking course material: application layer protocol 2


Application Layer
Protocols 2

CuuDuongThanCong.com


Today's objectives


More on FSMs
  aggregate state machine
  checking properties

More application-layer protocols
  remote login
  quick introduction to security
  ssh: secure shell
  peer-to-peer networks


Application layer
[Figure: two hosts, each with an Application / Transport / Network / Link/Physical stack, connected through a router that has only Network and Link/Physical layers]


Intersection server FSM #1
States: RED, ONE_GREEN

rcv_msg (cl, RED)
------------------------------
send_msg ([NSEW \ cl], ALL_RED)

rcv_msg (cl, NEED_GREEN)
--------------------------------
send_msg (cl, OK_GREEN)

rcv_msg (cl, NEED_GREEN)
--------------------------------


Intersection client FSM #1
States: RED, CAR_WAITING, GREEN

from_detector (car waiting)
--------------------------------------
send_msg (server, NEED_GREEN)

rcv_msg (OK_GREEN)
--------------------------------
set_timer (20sec)
set_light (set green)

timer expires
------------------------------
set_light (red)
send_msg (server, RED)


Joint FSM


Joint FSM:
  An FSM that captures the evolution of the system as a whole
  Each state S of the joint FSM corresponds to the set of states each component FSM 1,...,n is in:
    S=(S1,S2,...,Sn)
  Every transition (S1,S2,...,Sn) -> (S1',S2',...,Sn') corresponds to one or several transitions in component FSMs
    If several transitions, they have to be concurrent


Joint FSM for intersection protocol #1


State = (server, state_client1, state_client2)

[Figure: joint state diagram; node labels: (R,R,R), (R,R,CW), (R,CW,R), (R,CW,CW), (OG,R,R), (OG,R,CW), (OG,R,G), (OG,CW,R), (OG,CW,CW), (OG,CW,G), (OG,G,R), (OG,G,CW); several labels appear on more than one node]


Joint FSM for intersection protocol #1

[Figure: joint state diagram, same node labels as on the previous slide]


Joint FSM for intersection protocol #1


Classes of states
  We can leave class 1 to either class 2 or 3 and never come back!

[Figure: joint state diagram partitioned into Class 1, Class 2 and Class 3]


Intersection client FSM #2, no blocking
States: RED, CAR_WAITING, GREEN

from_detector (car waiting)
--------------------------------------
send_msg (server, NEED_GREEN)

rcv_msg (ALL_RED)
--------------------------------------
send_msg (server, NEED_GREEN)

rcv_msg (OK_GREEN)
--------------------------------
set_timer (20sec)
set_light (set green)

timer expires
------------------------------
set_light (red)
send_msg (server, RED)



Joint FSM for intersection protocol #2


State = (server, state_client1, state_client2)

[Figure: joint state diagram with the same node labels as for protocol #1, plus two labelled transitions:]

srv: rcv(cl2, NEED_GREEN)
-------------------------------------
srv: send(cl2, OK_GREEN)

cl2: rcv(ALL_RED)
--------------------------------------
cl2: send(srv, NEED_GREEN)


Joint FSM for intersection protocol #2


Single class of states
  We can go from anywhere to anywhere, given the right “input”

[Figure: joint state diagram forming a single class, Class 1]


Another example of FSM-based analysis
[Figure: FSM with two states X and Y and four transitions, two labelled "condition A / action B" and two labelled "condition C / action D"]

is equivalent to:

[Figure: FSM with a single state Z and two transitions, "condition A / action B" and "condition C / action D"]

All that matters is input->output
  Can we get rid of internal states?
  Automatic simplification


FSM: summary


Individual FSM:
  Describes individual protocol entity

Joint FSM:
  Can be generated automatically
  Describes communicating set of entities
  Protocol verification: check properties such as “no absorbing classes of states”; if such a class exists, what is the sequence of events that leads there, etc.
  Advantage:
    Allows mathematical proof of these properties
    Software tools, code generators
  Disadvantage:
    Computational complexity quickly becomes large as FSMs become more complex -> number of joint states explodes
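
The verification step described above, as an added example (not part of the original slides): it generates the joint FSM of the intersection protocol from the server and client FSMs and groups the reachable joint states into classes. It assumes each message and the replies it triggers are handled atomically, so the in-flight intermediate states of the slides' diagrams do not appear; the transition reading, the `retry` flag and all function names are this example's own.

```python
# Joint state = (server, client1, client2); R=RED, OG=ONE_GREEN,
# CW=CAR_WAITING, G=GREEN. Transitions are this example's reading of the slides.
START = ("R", "R", "R")

def step(state, retry):
    """Successor joint states. retry=True models client FSM #2 (re-request on ALL_RED)."""
    srv, cl = state[0], list(state[1:])
    out = []
    for i in (0, 1):
        new = cl[:]
        if cl[i] == "R":                  # from_detector: client sends NEED_GREEN
            if srv == "R":                # server answers OK_GREEN
                new[i] = "G"
                out.append(("OG", *new))
            else:                         # server in ONE_GREEN ignores the request
                new[i] = "CW"
                out.append((srv, *new))
        elif cl[i] == "G":                # timer expires: client sends RED
            new[i] = "R"                  # server sends ALL_RED to the other client
            if retry and cl[1 - i] == "CW":
                new[1 - i] = "G"          # FSM #2: waiting client re-requests, gets OK_GREEN
                out.append(("OG", *new))
            else:
                out.append(("R", *new))
    return out

def reach(start, retry):
    """All joint states reachable from start (including start itself)."""
    seen, todo = {start}, [start]
    while todo:
        for nxt in step(todo.pop(), retry):
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen

def classes(retry):
    """Partition the reachable states into classes of mutually reachable states."""
    r = {s: reach(s, retry) for s in reach(START, retry)}
    return {frozenset(t for t in r if t in r[s] and s in r[t]) for s in r}

def absorbing(retry):
    """Classes that do not contain START and have no transition leaving them."""
    return {c for c in classes(retry) if START not in c
            and all(n in c for s in c for n in step(s, retry))}

if __name__ == "__main__":
    for name, retry in (("protocol #1", False), ("protocol #2", True)):
        print(name, len(classes(retry)), "classes;", len(absorbing(retry)), "absorbing")
```

Under these assumptions protocol #1 has two absorbing classes, each with one client stuck in CAR_WAITING, and protocol #2 has none.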


Remote session: telnet, rlogin, ssh



Work on a remote system
Applications
  telnet
  R-commands of Unix
    rlogin, rsh, rcp
  ssh
Principles
  send characters typed on the keyboard to the remote shell
  receive characters from the remote shell and display


rlogin, telnet, ssh

[Figure: user -> terminal driver -> telnet client -> TCP/IP ... TCP/IP -> telnet server -> pseudo terminal driver -> shell]


rlogin


Connection between UNIX systems
  port 513
Authentication
  password (sent in clear)
  .rhosts file
    host name
    user name
Typed character
  echo sent by the remote system


telnet


Connection between any systems
NVT (Network Virtual Terminal)
  common denominator between different systems
  NVT ASCII
    7 bits, end of line: CR, LF
    also used by FTP, SMTP, finger, whois, HTTP
Port 23
Options
  character mode, line mode
Escape - interpreted by the client
  Control-]



SSH: what is network security?
Confidentiality: only sender, intended receiver should “understand” message contents
  sender encrypts message
  receiver decrypts message
Authentication: sender, receiver want to confirm identity of each other
Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
Access and Availability: services must be accessible and available to users


Friends and enemies: Alice, Bob, Trudy




Well-known in network security world
Bob, Alice want to communicate “securely”
Trudy (intruder) may intercept, delete, add messages

[Figure: Alice and Bob, a secure sender and a secure receiver, exchange data and control messages over a channel; Trudy has access to the channel]


Who might Bob, Alice be?









… well, real-life Bobs and Alices!
Web browser/server for electronic transactions (e.g., on-line purchases)
on-line banking client/server
DNS servers
routers exchanging routing table updates
other examples?


There are bad guys (and girls) out there!
Q: What can a “bad guy” do?
A: a lot!
  eavesdrop: intercept messages
  actively insert messages into connection
  impersonation: can fake (spoof) source address in packet (or any field in packet)
  hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
  denial of service: prevent service from being used by others (e.g., by overloading resources)


The language of cryptography
[Figure: plaintext -> encryption algorithm (Alice’s encryption key KA) -> ciphertext -> decryption algorithm (Bob’s decryption key KB) -> plaintext]

symmetric key crypto: sender, receiver keys identical
public-key crypto: encryption key public, decryption key secret (private)


Symmetric key cryptography
substitution cipher: substituting one thing for another
  monoalphabetic cipher: substitute one letter for another

    plaintext:  abcdefghijklmnopqrstuvwxyz
    ciphertext: mnbvcxzasdfghjklpoiuytrewq

E.g.:
    Plaintext:  bob. i love you. alice
    ciphertext: nkn. s gktc wky. mgsbc

Q: How hard to break this simple cipher?
  brute force (how hard?)
  other?


Symmetric key cryptography
[Figure: plaintext message m -> encryption algorithm (key KA-B) -> ciphertext KA-B(m) -> decryption algorithm (key KA-B) -> plaintext m = KA-B(KA-B(m))]

symmetric key crypto: Bob and Alice share (know) the same (symmetric) key: KA-B
  e.g., key is knowing substitution pattern in monoalphabetic substitution cipher
  Q: how do Bob and Alice agree on key value?
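
The monoalphabetic cipher from the two slides above, as an added example (not part of the original slides): the substitution pattern is the shared key KA-B, decryption inverts it, and the helpers put numbers on the "how hard to break" question by measuring the brute-force key space and what the ciphertext still reveals. All function names are this example's own.

```python
import math
import string
from collections import Counter

PLAIN = string.ascii_lowercase
CIPHER = "mnbvcxzasdfghjklpoiuytrewq"    # substitution pattern from the slide = shared key
ENC = str.maketrans(PLAIN, CIPHER)
DEC = str.maketrans(CIPHER, PLAIN)

def encrypt(m):
    """Apply the substitution; characters outside a-z pass through unchanged."""
    return m.translate(ENC)

def decrypt(c):
    """Invert the substitution with the same shared key."""
    return c.translate(DEC)

def keyspace_bits():
    """log2 of the number of possible keys: one per permutation of 26 letters."""
    return math.log2(math.factorial(26))

def pattern(word):
    """Shape of repeated letters in a word, e.g. 'bob' -> (0, 1, 0)."""
    first = {}
    return tuple(first.setdefault(ch, len(first)) for ch in word)

def frequency_profile(text):
    """Letter counts sorted high to low, ignoring which letter has which count."""
    return sorted(Counter(ch for ch in text if ch.isalpha()).values(), reverse=True)

if __name__ == "__main__":
    m = "bob. i love you. alice"
    c = encrypt(m)
    print(c, "->", decrypt(c))
    print("key space: about 2^%.0f keys" % keyspace_bits())
    # Word shapes and letter statistics survive encryption unchanged.
    print(pattern("bob") == pattern(encrypt("bob")),
          frequency_profile(m) == frequency_profile(c))
```

The key space is large (26! keys), but repeated-letter patterns and letter frequencies pass straight through to the ciphertext, which is why key-space size alone does not make this cipher strong.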